I created a Squid proxy and a self-signed SSL certificate. The SSL certificate on the server is a private cert linked to the ssl-bump feature. I am using tshark to dump the SSL traffic, but I can't sniff it with tshark. For example, my tshark command is:
Code:
tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 209.190.x.x,443,http,/etc/squid/ssl/file/squid.key" -o "ssl.debug_file: /tmp/.wireshark-log" -i eth0 -R "http.request.method==GET or http.request.method==POST"
I know Squid works (and I can sniff all data from HTTP), and I can see the log of HTTPS sites in /var/log/squid/access.log, but I can't sniff the full data of HTTPS. I also know Squid becomes a man-in-the-middle in this scenario and makes 2 SSL keys: one between the client and Squid, the other between Squid and the server. I can't sniff the data between the client and Squid, but I think I can sniff the data between server (me) and Squid.
How can I sniff it? Is there any alternative to tshark?